PT-2025-13019 · Splunk · Splunk Cloud Platform+2

David Chen +1 · Published 2025-03-26 · Updated 2025-03-27 · CVE-2025-20230

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 9.4.1
Splunk Enterprise versions prior to 9.3.3
Splunk Enterprise versions prior to 9.2.5
Splunk Enterprise versions prior to 9.1.8
Splunk Secure Gateway app on Splunk Cloud Platform versions prior to 3.8.38
Splunk Secure Gateway app on Splunk Cloud Platform versions prior to 3.7.23

Description

A low-privileged user without the admin or power Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections created by the Splunk Secure Gateway app. This issue is due to missing access control and incorrect ownership of the data in those KVStore collections, where the nobody user owned the data.

Recommendations

For Splunk Enterprise versions prior to 9.4.1, update to version 9.4.1 or later.
For Splunk Enterprise versions prior to 9.3.3, update to version 9.3.3 or later.
For Splunk Enterprise versions prior to 9.2.5, update to version 9.2.5 or later.
For Splunk Enterprise versions prior to 9.1.8, update to version 9.1.8 or later.
For Splunk Secure Gateway app on Splunk Cloud Platform versions prior to 3.8.38, update to version 3.8.38 or later.
For Splunk Secure Gateway app on Splunk Cloud Platform versions prior to 3.7.23, update to version 3.7.23 or later.

Fix

LPE

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-03528
CVE-2025-20230

Affected Products

Splunk Cloud Platform
Splunk Enterprise
Splunk Secure Gateway App